DETAILED ACTION

1. The response of 3/7/2005 was received and considered.

2. Claims 1-66 are pending.



Response to Arguments 



3. Applicant's arguments filed 3/7/2005 have been fully considered but they are not 
persuasive. 

Applicant's response (p. 10, ¶4 - p. 11, ¶1) asserts that Xu teaches away from the
presently claimed invention because ATM uses a unit of data transmission called a cell. Further,
Applicant's response (p. 11, ¶2) asserts that Xu requires one or a plurality of ATM cells/packets
to be received and processed and finds only disclosure addressing the need to receive one or
more entire ATM cells/packets and therefore Xu is "directly opposing" the claimed invention.
However, the Examiner disagrees with Applicant's assertion (p. 11, ¶1) that "The ATM cell in
Xu, to the extent that a proper correspondence may be drawn, corresponds to a packet in the
present claims". The Xu reference teaches transferring packets, the packets being sent in units of
a cell. Further, despite the fact that ATM transmits a "cell" as one unit of transmission, ATM is
still a "packet-based" network, "wherein data is transmitted and received in the form of a plurality
of packets" because ATM cells carry packets. As such, Xu discloses allowing all cells of a
packet except the last one (end portion of the packet) to be passed, where the last portion of the
packet (last cell) is selectively altered/randomly generated to be invalid if it was determined that
the packet should be an invalid/unsafe packet (p. 277, P).

Applicant's response (p. 11, ¶3) asserts that the claimed invention uses the packet as the
unit of data transmission and that the packet is analyzed to determine whether the end portion
should be modified. However, as described above, Xu transmits and receives packets and
filtering decisions are made based on that - the result of which is the modification of the end
portion of the packet (last ATM cell).



Claim Objections 

4. Claim 16 is objected to because of the following informalities: The claim depends upon 
"claim 16". For the purposes of this office action, claim 16 is understood to depend upon claim 
15. Appropriate correction is required. 

Claim Rejections - 35 USC §102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this
or a foreign country, before the invention thereof by the applicant for a patent

6. Claims 1-4, 11-16, 31-38, 40 & 41 are rejected under 35 U.S.C. 102(a) as being
anticipated by "Design of A High-Performance ATM Firewall" by Xu.

Regarding claim 1, Xu teaches receiving a packet from the external computing
system/WAN over the network (p. 272 §2.1), the packet having at least a first portion/header and
an end portion/last cell, and transmitting/passing the packet to the internal computing
system/LAN (p. 277 ¶2-4), in parallel with the step of receiving and transmitting the packet,
determining characteristics/class of the packet from the first portion/header (p. 272 §2.1, p. 277
P), in parallel with the step of receiving and transmitting the packet, performing a plurality of
checks/TCP/IP rules on the packet (p. 272 P - 275 ¶1), wherein at least certain of the plurality
of checks are performed in parallel with other of the plurality of checks (p. 280 ¶1-3 & p. 287
¶1), in parallel with the step of receiving and transmitting the packet, determining if the packet
should be a valid/safe packet or an invalid/unsafe packet based on the plurality of checks/rules
(pp. 275-278 §2.2.3), and after receiving the end portion/last cell of the packet, selectively
altering/passing or generating randomly the end portion of the packet based on whether the
packet has been determined to be a valid/safe packet or an invalid/unsafe packet, wherein the
packet is selectively altered/generated randomly to be invalid/unsafe if it was determined that the
packet should be an invalid/unsafe packet (p. 277 ¶2).

Regarding claim 2, Xu discloses the packet being analyzed in real time to determine if the
packet should be valid or invalid while the packet is being concurrently transmitted to the
internal computing system/LAN (p. 277 ¶2-3).

Regarding claim 3, Xu discloses examining the packet before the last cell has arrived (p.
277 ¶2-3).

Regarding claim 4, Xu discloses determining a packet invalid/unsafe if it is determined
that the packet is harmful/dangerous (p. 272 §2.1 & p. 278 ¶2).

Regarding claim 11, Xu discloses the plurality of checks/rules being performed with a
programmable logic device/ATM firewall with cache, wherein logic within the programmable
logic device/ATM firewall with cache is selectively programmed to perform the plurality of
checks in parallel with the receiving and transmitting of the packet (p. 276 ¶2-3).

Regarding claim 12, Xu discloses a physical interface/input module receiving the packet
from the network (p. 284 §4.2) wherein the packet is coupled to the programmable logic
device/ATM firewall with cache, wherein the packet is coupled from the programmable logic
device to a second physical interface/output module (p. 286 §4.3) for transmission to the internal
computing system/LAN (p. 282 Fig. 2 & p. 283 §4.1 & Fig. 3).

Regarding claim 13, Xu discloses the programmable logic device/ATM firewall with
cache performing a plurality of checks while the packet is being coupled from the first physical
interface/input module to the second physical interface/output module (pp. 284-286 & p. 277
¶2-4).

Regarding claims 14 & 15, Xu discloses filtering based on port numbers (p. 275 ¶1).

Regarding claim 16, Xu discloses filtering based on IP addresses (source and destination)
(p. 275 ¶1).

Regarding claim 31, Xu discloses a first interface circuit/input module for coupling data
packets to and from an external network/WAN (p. 282 Fig. 2 & p. 284 §4.2), a second interface
circuit/output module (p. 286 §4.3 & p. 283 Fig. 3) for coupling data packets to and from an
internal network/LAN (p. 282 Fig. 2 & p. 283 §4.1), a programmable logic device/ATM firewall
with cache coupled between the first interface circuit/input module and the second interface
circuit/output module (p. 282 Fig. 2 & p. 283 Fig. 3), wherein as a packet is being received and
transmitted between the first and second interface circuits (p. 282 §2.1), the packet is
simultaneously subjected to a plurality of filtering criteria/TCP/IP rules (p. 272 ¶1 & p. 275-278
§2.2.3) by the programmable logic device/ATM firewall with cache, wherein an end portion/last
cell of the packet is selectively altered/passed or generated randomly by the programmable logic
device based on the filtering criteria/rules (p. 277 ¶2).

Regarding claim 32, Xu discloses the filtering criteria determining whether the packet is
to be a valid/safe packet or an invalid/unsafe packet, wherein the packet is selectively
altered/generated randomly to be invalid/unsafe if it was determined that the packet should be an
invalid/unsafe packet (p. 277 ¶2).

Regarding claim 33, Xu discloses determining characteristics/class (p. 272 §2.1, p. 277
P), of a packet and a filter portion/call-screening service that subjects the packet to a plurality of
checks/TCP/IP rules on the packet (p. 272 ¶1, p. 273 §2.2.1 & p. 275 ¶1), while the packet is
being received and transmitted between the first and second interface circuits (p. 277 ¶2-3).

Regarding claim 34, Xu discloses a stateful filter portion/packet-filter (p. 272 §2.1, p. 273
§2.2.1, p. 285 ¶2 & Fig. 5) and a non-stateful filter portion/traffic-monitor (p. 272 §2.1, p. 273
§2.2.1 & p. 282 Fig. 2).

Regarding claims 35 & 36, Xu discloses the stateful filter portion/packet-filter subjecting
the packet to one or more stateful filtering criterion/decision on current packet (p. 285 ¶2) while
the non-stateful filter portion/rules (p. 275 ¶1) subjecting the packet to one or more non-stateful
filtering criterion (p. 273 §2.2.1, p. 280 ¶1 & p. 285 ¶2).

Regarding claim 37, Xu discloses a result aggregator logic/output module that receives
one or more signals/decision from the stateful filter portion and the non-stateful filter portion (p.
292 ¶1), wherein based on the received signals/decision the result aggregator logic/OM controls
whether the packet is selectively altered to be invalid/dropped (p. 277 ¶2 & p. 292 ¶1).

Regarding claim 38, Xu discloses the result aggregator logic/OM receiving a completion
signal/decision that indicates whether the stateful and/or non-stateful filter portions have
subjected the packet to all of the filtering criteria (p. 292 P).

Regarding claim 40, Xu discloses the packet being subjected to the plurality of filtering
criteria/rules (p. 273 §2.2.1) in parallel with the packet being received and transmitted between
the first and second interface circuits/modules (p. 280 ¶1-3 & p. 287 ¶1), wherein a decision is
made whether to selectively alter the packet to be invalid by a time when the end portion of the
packet has been received (p. 277 ¶2-4).

Regarding claim 41, Xu discloses the packet being subjected to the plurality of filtering
criteria in real time (p. 277 ¶2-3) with the packet being received and transmitted between the first
and second interface circuits/modules (p. 283 Fig. 3).

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 30, 44 & 60 are rejected under 35 U.S.C. 103(a) as being unpatentable over Xu.

Regarding claim 44, Xu lacks basing a user-controlled switch's state (effectively
enabling/disabling a predetermined portion of the filtering criteria/rules) on whether a computer
coupled to the internal network is controlled to operate in a client mode or a server mode.
However, official notice is hereby taken that it is known in the network firewall art/network
security art that a client/workstation requires different traffic needs (open ports, bandwidth,
limitations on number of connections) than does a server. Therefore, it would have been obvious
to one having ordinary skill in the art at the time the invention was made to base a
user-controlled switch's state on whether a computer coupled to the internal network is operating as a
client or server. One of ordinary skill in the art would have been motivated to perform such a
modification, as it was known in the art to do so.

Regarding claims 30 & 60, Xu lacks a speaker to provide feedback. However, official
notice is hereby taken that it was known in the art, at the time the invention was made, to
provide a speaker, such as a PC main board speaker, to provide audio feedback (for example on
errors). Therefore, it would have been obvious to one having ordinary skill in the art at the time
the invention was made to use a speaker in Xu's system to provide feedback. One of ordinary
skill in the art would have been motivated to perform such a modification as it was known in the
art to do so.

9. Claims 5-8, 10, 17-19, 23-27, 29, 42, 43, 45, 46, 47-49, 53-57, 59, 61-63 & 66 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Xu, as applied to claims 1 & 31 
above, in view of "PacketShaper 4000 Getting Started Version 4.0" by Packeteer. 

Regarding claims 5-8, 10, 42, 43, 45, 61-63 & 66, Xu discloses a firewall system and
lacks detailed physical description of the device(s), and hence lacks a physical switch affecting
the operation of the firewall. However, Packeteer teaches that it is known to include a power
switch to enable/disable function of a device, such as an on/off switch (p. 7). Therefore, it would
have been obvious to one having ordinary skill in the art at the time the invention was made to
include an on/off toggle switch, thereby affecting the checks based on the state of the switch,
affecting the configuration of the checking circuit (on/off), enabling/disabling the checks
(on/off). The plurality of checks would selectively perform based on the state of an on/off switch.
An on/off switch would also control the configuration (on/off). One of ordinary skill in the art
would have been motivated to perform such a modification, as it was well known in the art to do
so, as taught by Packeteer (p. 7).

Regarding claims 23, 24, 46, 53 & 54, Xu discloses a firewall system, as modified above, 
but lacks detailed physical description of the device(s), and hence lacks a reset switch. However, 
Packeteer teaches that it is known to include a power switch/reset switch to enable/disable/reset 
function of a device, such as an on/off switch (p. 7). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to include a physical reset 
switch/power switch to reset the device described by Xu. One of ordinary skill in the art would 
have been motivated to perform such a modification, as it was well known in the art to do so, as 
taught by Packeteer (p. 7). 

Regarding claims 17-19, 25, 26, 29, 47-49, 55, 56 & 59, Xu discloses a system, as
modified above, but lacks visual feedback that the system is operational, the system is subject to
filtering criteria, a light source indicative of the operating status having a first color or second
color depending on the status and lacks an LED. However, Packeteer teaches that it is known in
the art to provide a "status LED", being green or amber in color depending on whether shaping
(filtering) is on/operational (p. 41) on a hardware packet-shaper/packet-filter (p. 1). Therefore, it
would have been obvious to one having ordinary skill in the art at the time the invention was
made to include a status LED in Xu's system. One of ordinary skill in the art would have been
motivated to perform such a modification to convey status information, as was known in the art,
as taught by Packeteer (pp. 1 & 41).

Regarding claims 27 & 57, Xu discloses a system, as modified above, but lacks a light
source that is selectively controlled to blink depending on the operating status. However,
Packeteer teaches that it is known to include "network LEDs" that flicker/blink when
transmission or receiving activity occurs (p. 41) in a hardware packet-shaper/packet-filter (p. 1).
Therefore, it would have been obvious to one having ordinary skill in the art at the time the
invention was made to include network LEDs in Xu's system. One of ordinary skill in the art
would have been motivated to perform such a modification to convey activity information, as
was known in the art, as taught by Packeteer (pp. 1 & 41).

10. Claims 20-22 & 50-52 are rejected under 35 U.S.C. 103(a) as being unpatentable over Xu
in view of Packeteer, as applied to claims 18 & 47 above, in further view of "BlackICE Pro
User's Guide Version 2.0" by Network Ice Corporation (NIC). Xu discloses a system, as
modified above, but lacks audio or visual feedback when the system has rejected one or more
packets, when it is suspected to be under attack, or the severity of the attack. However, NIC
teaches that to make users aware of attacks and spot trends and patterns of attacks, it is useful to
provide a list of possible attacks on the system (p. 3 Fig. 3) and indicating the severity (p. 21).
Further, when critical or serious events occur, they can cause the blocking of addresses and
ports/rejection of packets, and indicate this to the user (p. 21 & p. 37). Therefore, it would have
been obvious to one having ordinary skill in the art at the time the invention was made to use
visual indicators to indicate when the system has rejected packets and when the system is under
attack and to indicate the severity of an attack. One of ordinary skill in the art would have been
motivated to perform such a modification to make users aware of attacks and to spot trends, as
taught by NIC (pp. 1, 3, 21 & 37).

11. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Xu, as applied to
claim 7 above, in view of U.S. Patent 6,052,788 to Wesinger, Jr. et al. (Wesinger). Xu discloses
a system, as modified above to include a user-controlled switch such as a power switch, but lacks
the circuit being configured or reconfigured based on commands from the internal computing
system/LAN. However, Wesinger teaches that configuration of firewalls may be easily accomplished by
running a "configurator" which provides a Web-based front-end for editing configuration files,
preferably from a secured client (col. 9 lines 31-46). Therefore, it would have been obvious to
one having ordinary skill in the art at the time the invention was made to change the firewall
configuration based on commands from the internal computing system/LAN/secure client
(through a Web-browser interface). One of ordinary skill in the art would have been motivated
to perform such a modification to easily accomplish firewall configuration, as taught by
Wesinger (col. 9 lines 31-46).

12. Claims 28 & 58 are rejected under 35 U.S.C. 103(a) as being unpatentable over Xu in
view of Packeteer, as applied to claims 27 & 57 above, in further view of "BlackICE Pro User's
Guide Version 2.0" by Network Ice Corporation (NIC) in further view of U.S. Patent 6,133,844
to Ahne et al. (Ahne). Xu discloses a system, as modified above, but lacks a light blinking at a
rate indicative of a severity level of an attack. Packeteer teaches blinking LEDs indicating traffic
activity (pp. 1 & 41). NIC teaches indicating a severity level of an attack to a user (pp. 1, 3, 21
& 37). Ahne teaches that on a printing device, an LED's blink rate, inter alia, can be altered and
the LEDs can be used to convey the operating status of the device (col. 7 lines 22-52 & col. 8
lines 20-37). Therefore, it would have been obvious to one having ordinary skill in the art at the
time the invention was made to use the blink rate of a light, as taught by Ahne, on Xu's firewall
system, as suggested by Packeteer, to indicate the severity level of an attack, as taught by NIC.
One of ordinary skill in the art would have been motivated to perform such a modification to
convey operating status to a user, as taught by Ahne (col. 7 lines 22-52 & col. 8 lines 20-37).

13. Claims 64 & 65 are rejected under 35 U.S.C. 103(a) as being unpatentable over Xu, as
applied to claim 61 above, in view of U.S. Patent 5,905,859 to Holloway et al. (Holloway). Xu
discloses user specified criteria/specifying or updating rules via firewall management service (p.
281 §2.2.6), but lacks details about the specific hardware involved and therefore, lacks the
configuration data transferred from configuration software via a cable attachment. However,
Holloway teaches that it is common in the art of managing network devices to supply an RS232
serial port connection to change configuration parameters from a local console (col. 7 lines
11-32). Therefore, it would have been obvious to one having ordinary skill in the art at the time the
invention was made to transfer configuration parameters via a cable attachment/RS232. One of
ordinary skill in the art would have been motivated to perform such a modification to enable a
local console to change configuration parameters, as is known in the art to do, as taught by
Holloway (col. 7 lines 11-32).



Allowable Subject Matter

14. Claim 39 is objected to as being dependent upon a rejected base claim, but would be
allowable if rewritten in independent form including all of the limitations of the base claim and
any intervening claims.

15. The following is a statement of reasons for the indication of allowable subject matter:

Regarding claim 39, the prior art relied upon fails to teach or suggest invalidating a
packet if the decision/result is not received by the time the end portion/last cell is received.

Conclusion 

16. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. The '662 patent reference is cited for teaching a firewall modifying the checksum 
in the data portion of an IEEE 1394 packet to invalidate the packet at the receiving end, 
when a security device decides the packet is to be blocked. 

b. The Newton and Derfler, Jr. references are cited for teaching ATM; 

c. The "ATM", "ATM Efficiency" web references and '695, '316, '797, '816 &
'992 patent references are cited for teaching the burst size (set of ATM cells) equal to one
IP packet, effectively transferring one burst (or frame) per IP packet.

17. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing
date of this final action.

18. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841.
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m. The
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Gregory Morse can be 
reached at (571)272-3838. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(571)273-3841 (Examiner's fax, for informal or draft communications, please 
label "PROPOSED" or "DRAFT") 

Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the 
receptionist whose telephone number is (571) 272-2100. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 